DETAILED ACTION

Claims 1-30 have been examined and are pending. 

Response to Amendment 

Examiner acknowledges the included terminal disclaimer to rectify the 
provisional double patenting rejection based on a judicially created obvious-type 
double patenting. 

Response to Arguments 

Applicant's arguments with respect to claims 1-20 have been considered 
but are moot in view of the new ground(s) of rejection. 

Claim Objections 

Claims 24, 26, and 28 are objected to because of the following informalities: 
"sure" should be --secure-- (line 18 of claim 24). Appropriate correction is 
required. 

Claim Rejections - 35 USC §112 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

Application/Control Number: 09/619,205 Page 3 
Art Unit: 2131 

The specification shall conclude with one or more claims particularly 
pointing out and distinctly claiming the subject matter which the applicant 
regards as his invention. 

Claims 2, 11, and 18 are rejected under 35 U.S.C. 112, second paragraph, as 
being indefinite for failing to particularly point out and distinctly claim the subject 
matter which applicant regards as the invention. Claims 2, 11, and 18 recite the 
limitation "said second digital certificates" in line 1. There is insufficient 
antecedent basis for this limitation in the claim. 



Claim Rejections - 35 USC § 102 

(e) the invention was described in (1) an application for patent, published 
under section 122(b), by another filed in the United States before the 
invention by the applicant for patent or (2) a patent granted on an 
application for patent by another filed in the United States before the 
invention by the applicant for patent, except that an international 
application filed under the treaty defined in section 351(a) shall have the 
effects for purposes of this subsection of an application filed in the United 
States only if the international application designated the United States 
and was published under Article 21(2) of such treaty in the English 
language. 

Claims 1, 5, 7-10, 14-17, and 21-30 are rejected under 35 U.S.C. 102(e) as 
being anticipated by Wood et al., hereinafter Wood (USP 6,609,198). 



As per claims 1, 10, and 17, Wood teaches: 
computer-readable program code means for processing a first sign-on 
during a secure session using a digital certificate, further comprising (column 2, 
line 50 and column 9, line 56): 
computer-readable program code means for establishing said 
secure session from a client machine to a server machine using said 
digital certificate, wherein said digital certificate represents an identity of 
said client machine or a user thereof (column 12, lines 10-20), 

computer-readable program code means for storing said digital 
certificate or a reference thereto at said server machine (column 13, lines 
1-10); 

computer-readable program code means for establishing a session 
from said server machine to a host system using a legacy host 
communication protocol, responsive to receiving, at said server machine, 
a first sign-on request from said client machine, wherein said first sign-on 
request identifies a first secure legacy host application to which said first 
sign-on is requested (column 5, lines 45-46 and column 9, line 27); 

computer-readable program code means for passing said stored 
digital certificate or said reference from said server machine to a host 
access security system (column 9, lines 52-65); 

computer-readable program code means, operable in said host 
access security system, for authenticating said identity using said passed 
digital certificate or a retrieved certificate which is retrieved using said 
reference (column 12, line 58 — column 13, line 10); 

computer-readable program code means for using said passed or 
retrieved digital certificate to locate access credentials for said user 
(column 13, lines 1-8); 
computer-readable program code means for accessing a stored 
password or generating a password substitute representing said located 
credentials (column 13, lines 1-8); 

computer-readable program code means, operable in said host 
access security system, for returning said stored password or generated 
password substitute to said server machine, along with a first user 
identifier corresponding to said located credentials (column 13, lines 5-8); 

computer-readable program code means for using said returned 
password or password substitute and said returned first user identifier to 
transparently complete said first sign-on, on behalf of said user of said 
client machine, to said first secure legacy host application executing at 
said host system (column 13, lines 10-25); and 



computer-readable program code means for processing a subsequent 
sign-on during said secure session using a second digital certificate for a second 
identity, further comprising (column 7, lines 59-60): 

computer-readable program code means for receiving a 
subsequent sign-on request at said server machine from said client 
machine wherein: (1) said subsequent sign-on request identifies a second 
secure legacy host application to which said subsequent sign-on is 
requested; (2) said subsequent sign-on requires authenticating a 
requester of said subsequent sign-on; (3) said second secure legacy host 
application may be identical to said first secure legacy host application; 
and (4) said requester of said subsequent sign-on is said user; (column 
14, lines 34-52); 

computer-readable program code means for retrieving said stored 
digital certificate or reference (column 13, lines 1-10) 

computer-readable program code means for passing said second 
digital certificate or a retrieved certificate reference from said server 
machine to said host access security system (column 9, lines 52-65); 

computer-readable program code means, operable in said host 
access security system, for re-authenticating said identity using said 
passed retrieved digital certificate or a retrieved reference which is 
retrieved using said retrieved certificate reference (column 14, lines 45- 
52); 

computer-readable program code means, operable in said host 
access security system, for using said passed retrieved digital certificate 
or said retrieved reference to locate retrieved access credentials (column 
12, line 60— column 13, line 10); 

computer-readable program code means for accessing a retrieved 
stored password or generating a retrieved password substitute 
representing said retrieved credentials (column 13, lines 1-10); 

computer-readable program code means, operable in said host 
access security system, for returning said re-accessed stored password or 
generated new password substitute to said server machine, along with 
said user identifier corresponding to said re-located credentials (column 
13, line 10-12); and 

computer-readable program code means for using said returned re- 
accessed stored password or new retrieved password substitute and said 
returned user identifier corresponding to said re-located credentials to 
transparently complete said subsequent sign-on, on behalf of said 
requester to said secure legacy host application executing at said host 
system (column 14, lines 50-52). 

As per claim 5, Wood teaches said communication protocol is a Virtual 
Terminal protocol (column 5, line 30). 

As per claims 7, 14, and 21, Wood teaches said server machine is a Web 
application server machine (column 5, line 42). 

As per claims 8, 15, and 22, Wood teaches computer-readable program 
code means for requesting by said legacy host application, responsive to said 
computer-readable program code means for establishing said session, first 
sign-on information for said user (column 10, lines 39-42 and column 14, lines 
35-50); 

computer-readable program code means for responding to said 
request for first sign-on information by sending a first sign-on message 
with placeholders from said client machine to said server machine, said 
placeholders representing a user identification and a password of said 
user (column 13, lines 26-44); and 

said computer-readable program code means for using said 
returned password and said returned first user identifier to transparently 
complete said first sign-on further comprises: 

computer-readable program code means for substituting said 
returned user identifier and said returned password or password substitute 
for said placeholders in said first sign-on message, thereby creating a 
revised first sign-on message (column 13, lines 1-12); and 

computer-readable program code means for forwarding said 
revised first sign-on message from said server machine to said first secure 
legacy host application (column 13, lines 10-12). 



As per claims 9, 16, and 23, Wood teaches computer-readable program 
code means for using said returned password or password substitute and said 
returned first user identifier to transparently complete said first sign-on 
comprises: 

computer-readable program code means for requesting by said first 
secure legacy host application, responsive to said computer-readable program 
code means for establishing said session, first sign-on information for said user 
(column 13, lines 10-25); and 

computer-readable program code means for responding to said request 
for first sign-on information by supplying, from said server machine to said first 
secure legacy host application, said returned user identifier and said returned 
password or password substitute (column 14, lines 25-52). 



As per claims 24, 26, and 28 Wood teaches computer-readable program 
code means for requesting by said second secure legacy host application, 
subsequent sign-on information for said requester; and 

computer-readable program code means for responding to said request 
for subsequent sign-on information by sending a subsequent sign-on message 
with placeholders from said client machine to said server machine, said 
placeholders representing said user identification and said password of said user 
(column 13, lines 26-44); and 

said computer-readable program code means for using said returned re- 
accessed password or new password substitute and said returned user identifier 
corresponding to said re-located credentials to transparently complete said 
second sign-on further comprises: 

computer-readable program code means for substituting said returned 
user identifier corresponding to said re-located credentials and said returned re- 
accessed password or new password substitute for said placeholders in said 
subsequent sign-on message, thereby creating a revised subsequent sign-on 
message; and 

computer-readable program code means for forwarding said revised 
subsequent sign-on message from said server machine to said second secure 
legacy host application (column 14, lines 25-52). 




As per claims 25, 27, and 29, Wood teaches computer-readable program 
code means for requesting, by said second secure legacy host application, 
subsequent sign-on information for said requester (column 10, lines 39-42 and 
column 14, lines 35-52); and computer-readable program code means for 
responding to said request for subsequent sign-on information by supplying, from 
said server machine to said second secure legacy host application, said returned 
user identifier associated with said re-located credentials and said returned re- 
accessed password or new password substitute (column 12, line 58 — column 13, 
line 10). 

As per claim 30, Wood teaches: 

Establishing a secure session between a client and server using a digital 
certificate owned by a user of said client (column 2, line 50 and column 9, line 
56); 

remembering said digital certificate at said server (column 13, lines 1-10); 

completing a first sign-on to a host application, by said server on behalf of 
said user, responsive to receiving an asynchronous sign-on request from said 
client that identifies said host application, further comprising the steps of 
(column 5, lines 45-45 and column 9, line 27): 

using said remembered digital certificate to authenticate said user to a 
host access security component (column 12, line 58 — column 13, line 10); 
if said user is authenticated, locating, by said host access security 
component, access credentials of said user (column 13, lines 1-10); 

creating by said host access security component, a passticket that 
represents said located access credentials (column 13, lines 8-10); 

returning said passticket from said host access security component to said 
server along with a user identifier associated with said located access credentials 
(column 13, lines 10-12); and 

inserting said passticket and said user identifier into a log-on message in 
place of placeholders therefor, when said log-on message is received at said 
server from said client, thereby creating a revised log-on message that is then 
sent from said server to sign said user on to said host application (column 13, 
lines 26-44); 

completing a subsequent sign-on to a second host application, on behalf of user, 
responsive to receiving a second asynchronous sign-on request from said client 
that identifies said second host application, wherein said second host application 
may be identical to said host application (column 14, lines 34-52); 

passing said remembered digital certificate from said server to said host 
access security component for authenticating said user for access to said second 
host application (column 9, lines 52-65); 

if said user is authenticated for access to said second host application, 
locating, by said host access security component, second access credentials of 
said user, wherein said second access credentials may be identical to said 
located access credentials (column 14, lines 45-52); 
creating, by said host access security component, a second passticket 
that represents said located second access credentials of user (column 14, lines 
49-50); 

returning said second passticket from said host access security 
component to said server, along with a second user identifier associated with 
said second located access credentials (column 13, lines 10-12); 

and inserting said returned second passticket and said returned 
second user identifier into a subsequent log-on message that is then sent from 
said server to sign said user on to said second host application (column 14, lines 
50-51). 
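The sign-on flow summarised in the analyses of claims 1, 10, 17 and claim 30 above, modelled as an added illustrative Python example that is not part of this Office action, of the applicant's claims, or of the Wood or Carroll patents: the server remembers the session certificate, the host access security component authenticates it and returns a one-time passticket together with the user identifier, and the server substitutes both for the placeholders in the log-on message, taking the same path for the first and each subsequent sign-on. The passticket construction (an HMAC over user id, application, timestamp and nonce under a key shared with the host), the certificate-thumbprint directory and every identifier below are constructed assumptions, not the RACF PassTicket algorithm.

```python
import hashlib
import hmac
import secrets
import time
# Constructed values: key shared by the host access security component and the host,
# and a directory mapping certificate thumbprints to host user ids.
HOST_SECRET = b"constructed-shared-secret"
CERT_DIRECTORY = {"sha256:constructed-thumbprint-1": "JSMITH"}
TICKET_TTL = 600  # seconds a passticket remains valid

def _tag(user_id, application, ts, nonce):
    msg = f"{user_id}|{application}|{ts}|{nonce}".encode()
    return hmac.new(HOST_SECRET, msg, hashlib.sha256).hexdigest()[:16]

class HostAccessSecurity:
    def __init__(self, directory):
        self.directory = directory
        self.seen = set()  # replay cache of tickets the host has already accepted

    def locate_credentials(self, cert_thumbprint):
        # Authentication modelled as a lookup of the remembered certificate's identity.
        return self.directory.get(cert_thumbprint)

    def create_passticket(self, user_id, application, now=None):
        # One-time password substitute bound to user id and application (not RACF's scheme).
        ts = int(time.time() if now is None else now)
        nonce = secrets.token_hex(4)
        return f"{ts}.{nonce}.{_tag(user_id, application, ts, nonce)}"

    def verify_passticket(self, user_id, application, ticket, now=None):
        # Host-side check: well-formed, fresh, correct MAC, and never accepted before.
        try:
            ts_s, nonce, tag = ticket.split(".")
            ts = int(ts_s)
        except ValueError:
            return False
        current = int(time.time() if now is None else now)
        if not 0 <= current - ts <= TICKET_TTL or ticket in self.seen:
            return False
        if not hmac.compare_digest(_tag(user_id, application, ts, nonce), tag):
            return False
        self.seen.add(ticket)
        return True

class WebServer:
    def __init__(self, security):
        self.security = security
        self.sessions = {}  # session id -> remembered certificate thumbprint

    def establish_secure_session(self, session_id, cert_thumbprint):
        self.sessions[session_id] = cert_thumbprint

    def sign_on(self, session_id, application, logon_message):
        # First and subsequent sign-ons take the same path: pass the remembered
        # certificate, obtain a fresh passticket and user id, fill the placeholders.
        user_id = self.security.locate_credentials(self.sessions.get(session_id))
        if user_id is None:
            return None
        ticket = self.security.create_passticket(user_id, application)
        return logon_message.replace("<USERID>", user_id).replace("<PASSWORD>", ticket)
```

A ticket is accepted once, only within its lifetime, and only for the application it was issued for, so a captured log-on message cannot be replayed against the host.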

Claim Rejections - 35 USC § 103 

Claims 2, 11, and 18 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Wood in view of Carroll (USP 6,105,131). 

As per claims 2, 11, and 18, Wood fails to teach that the certificates are 
X.509 certificates. Carroll teaches said digital certificate is an X.509 certificate 
and said digital certificate reference and second certificate reference are 
references to an X.509 certificate (column 6, line 11). In view of this it would have 
been obvious to one of ordinary skill in the art at the time of the invention to 
employ the teachings of Carroll within the system of Wood because X.509 is a 
well-accepted standard of digital certificates, which uses proven security 
features. 

Claims 3, 4, 12, and 19, are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Wood in view of Cohen et al (USP 6,178,511). 

As per claims 3, 4, 12, and 19, Wood teaches a secure method of 
communication that utilizes legacy protocols (column 5, line 30). Wood does not 
explicitly teach the use of 3270 emulation protocol or the 5250 emulation 
protocol. Cohen et al teach the use of 3270 emulation protocol and the 5250 
emulation protocol for a secure method of communication (column 4, line 27). 
Both the 3270 and 5250 emulation protocol are well established and known by 
those of ordinary skill in the art as a means to securely log a user into a system. 
Wood's method of communication is centered on security. 

In view of this, it would have been obvious to one of ordinary skill in the art 
at the time the invention was made to employ the teaching of Cohen et al within 
the system of Wood because it would allow the system to securely logon a user 
so that the user could then establish a secure connection with the other entities 
of the system. 

Claims 6, 13, and 20, are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Wood and Cohen as applied to claims 3, 12, and 19 above, 
and further in view of Carroll. 
As per claims 6, 13, and 20, Wood and Cohen fail to expressly teach that the 
host access security system is a Resource Access Control Facility system (column 
2, lines 49-55 and column 3, lines 23-33). Carroll teaches that the function of a host 
access security system is performed by a Resource Access Control Facility 
system (column 2, lines 49-55 and column 3, lines 23-33). In view of this it would 
have been obvious to one of ordinary skill in the art at the time of the invention to 
employ the teachings of Carroll within the system of Wood and Cohen because a 
Resource Access Control Facility performs the same security functions as the 
security system of Wood to limit access to protected network resources. 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection 
presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. 
See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as 
set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire 
THREE MONTHS from the mailing date of this action. In the event a first reply is 
filed within TWO MONTHS of the mailing date of this final action and the advisory 
action is not mailed until after the end of the THREE-MONTH shortened statutory 
period, then the shortened statutory period will expire on the date the advisory 
action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be 
calculated from the mailing date of the advisory action. In no event, however, will 
the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Michael R Vaughan whose telephone number 
is 703-305-0354. The examiner can normally be reached on M-F 7:30-4:00. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Ayaz Sheikh can be reached on 703-305-9648. The fax 
phone number for the organization where this application or proceeding is 
assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see 
http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 